Privacy Notice for Client Contact Persons

Cloud1 Oy is committed to protecting your personal data. This privacy notice describes how your personal data is processed, including how we keep our clients’ contact persons’ data secure.
We always process personal data in compliance with applicable laws.

Data Controller

Cloud1 Oy acts as the data controller for the personal data of our clients’ contact persons.
Our contact information:
Contact person: Tommi Turkki
Email: tommi.turkki@cloud1.fi
Phone: +358 50 486 0215
For more information about data protection, please primarily contact us via email at: tietosuoja@cloud1.fi

Legal Basis for Processing Contact Person Data

Processing contact person data is based on:

• Cloud1 Oy’s legitimate interests, which are balanced with your rights to personal data protection – processing your data is essential for our business operations (e.g., client communication); or
• consent, such as subscribing to newsletters or notifications. You may withdraw your consent at any time, especially regarding direct marketing, by emailing tietosuoja@cloud1.fi.

Purposes of Processing Contact Person Data

The purposes for processing client contact person data are:

• Marketing events, sales processes, and billing processes;
• Matters related to the provision of ongoing services; and
• Collecting customer feedback.

Data Collected and Methods of Collection

We collect and process only the following client contact person data, as necessary for our business operations:

• Employer of the contact person
• Role within the company
• Name
• Email address
• Phone number
• Information on the use of our digital services (e.g., opening social media articles)

Data is collected by the following methods:

• The contact person enters their data digitally through our application;
• Data is received during meetings, calls, or emails related to the client relationship; or
• Data is provided by the contact person’s employer or a Cloud1 Oy employee.

Providing personal data to Cloud1 Oy is not legally required; however, Cloud1 Oy requires certain personal data to conduct business (e.g., for a commercial contract) with Cloud1 Oy. Thus, the absence of certain data may limit or prevent business between Cloud1 Oy and the client company.

Disclosure of Contact Person Data

Contact person data is generally not disclosed to other data controllers. However, Cloud1 Oy may be required to disclose personal data under mandatory legislation, such as to competent authorities.

Transfer of Contact Person Data, Including Transfers to Third Countries

Cloud1 Oy may occasionally use trusted and reputable service providers (e.g., IT services) for processing contact person data. In such cases, contact person data is transferred to these service providers. These services may include providing data processing infrastructure, software, and applications commonly used by a cloud service-focused business like Cloud1 Oy to process personal data.

Cloud1 Oy requires that service providers it uses enter into binding agreements for processing personal data in compliance with applicable data protection laws (including the EU General Data Protection Regulation, EU 2016/679).

As part of its business, Cloud1 Oy may also transfer contact person data to subcontractors operating outside the European Union and European Economic Area. In such cases, Cloud1 Oy ensures that data transfers are carried out with appropriate and applicable safeguards, such as based on the European Commission’s standard contractual clauses or adequacy decisions. These subcontractors include, among others (as of 10/2024): providers of Microsoft Azure, Microsoft Dynamics, and HubSpot services. Information on these safeguards can be found here (links to English pages):

• Adequacy decisions
• Standard contractual clauses for international transfers

Profiling and Automated Decision-Making

Cloud1 Oy does not engage in profiling based on client contact person data, nor does Cloud1 Oy make decisions through automated means based on this data.

Retention of Contact Person Data

Contact person data is retained for 10 years from the last business transaction between the client company and Cloud1 Oy.

Data Subject Rights

Data subjects have the right to object to the processing of their personal data at any time, if it is based on legitimate interest or if data is processed for direct marketing purposes.
Data subjects also have the right to:

• Obtain a copy of their personal data and legally required information on its processing;
• Request corrections of inaccurate or incomplete personal data or specify incomplete data;
• In cases permitted by law, request the deletion of personal data, for example, if it is no longer necessary for the declared purposes, or if consent is withdrawn as the only basis for processing;
• In cases permitted by law, request restrictions on data processing; and
• Lodge a complaint with the competent supervisory authority, which is the Office of the Data Protection Ombudsman in Finland.

To exercise their rights, data subjects may always contact: tietosuoja@cloud1.fi

Data Security

We have implemented appropriate organizational and technical measures necessary for a diligent operator in our industry to ensure data security. This includes preventing unauthorized access to data, protecting personal data from accidental destruction, and preventing unauthorized disclosure.

These measures include, among others, antivirus protection, secure messaging, and firewall arrangements. Data security requirements are monitored appropriately, including IT system access control.

Cloud1 Oy employees and subcontractors who process personal data are properly instructed and trained on data protection and data security matters.

Cookie Policy

We use cookies only with your consent (excluding essential cookies necessary to enable the functionality of our website).

Updates to This Privacy Notice

We may amend or supplement this privacy notice. We recommend reading this notice regularly.
Effective date of this version: 24.10.2024